Share this story

Nation-sponsored hackers have penetrated the operational networks multiple US and European energy companies use to control key parts of the power grid that supplies electricity to hundreds of millions of people, researchers warned Wednesday.

The incursions detected by security firm Symantec represent a dramatic escalation by a hacking group dubbed Dragonfly, which has been waging attacks against US and European energy companies since at least 2011. In 2014, Symantec reported that Dragonfly was aggressively establishing beachheads in a limited number of target networks, mainly by stealing the user names and passwords used to restrict access to legitimate personnel. Over the past year, the hacking group has managed to compromise dozens of energy firms and, in a handful of cases, install backdoors in the highly sensitive networks the firms use to supply power to the grid.

"What's most concerning is we now see them intruding on operational networks of energy companies," Eric Chien, technical director of Symantec's security response and technology division, told Ars. "Before, we were talking about them being one step away, and what we see now is that they are potentially in those networks and are zero steps away. There are no more technical hurdles for them to jump over."

The escalation is troubling because operational networks—sometimes called electronic security perimeters in the energy industry—can often wield significant influence over the stability of the electric grid they're responsible for. In the Northeast Blackout of 2003, a contributing cause was the failure of a system in an operational network that tracked the health of the grid in real time. When a separate fault occurred, the grid supplying electricity to 55 million people shut down.

At a minimum, attackers who have control of a company's operational network could use it to become de facto operators of the company's energy assets. That control includes the ability to turn on or off breakers inside the companies' infrastructure and hijack systems that monitor the health of the grid. That's an unsettling scenario, but there's a more troubling one still: the attackers might also be able to use their control of multiple grid-connected operational networks to create the kinds of failures that led to the Northeast Blackout of 2003. Chien said Symantec has recently issued private warnings to more than 100 energy companies and organizations, including the North American Electricity Reliability Corporation and the US Department of Homeland Security. On Wednesday, it was expected to publish a public warning here.

The Symantec report stressed that simply removing malware from infected networks wasn't enough to counter the threat because in many cases the attackers have the credentials and other data needed to regain control. Wednesday's report provides a variety indicators energy companies can use to tell if their networks have been compromised by Dragonfly. It also lists several best practices for avoiding future compromises, including the use of long, randomly generated passwords that can't be guessed when attackers get ahold of the corresponding cryptographic hash.

Wouldn't be the first time

Further Reading

If Symantec's worst fears were to materialize, it wouldn't be unprecedented. In December 2015, a hack attack on a power distribution center just outside Kiev, the capital of Ukraine, caused about 225,000 people to lose power for as long as six hours. It was the world's first known instance of someone using hacking to generate a real-world power outage. Almost to the day one year later, a hack attack on a Ukrainian power transmission facility caused a smaller number of Kiev residents to lose power for about an hour. Researchers have attributed the attacks to a hacking group dubbed Sandworm.

Further Reading

In the 2015 attack, Sandworm used a revamped version of a tool known as BlackEnergy to break into the corporate network of the targeted power companies and from there to collect passwords and other data that would allow the hackers to penetrate the supervisory control and data acquisition systems the companies used to generate and transmit electricity. Sandworm then used the access to open circuit breakers that cut power. In 2016, Sandworm was back with a new piece of malware dubbed Crash Override by some researchers and Industroyer by others. The custom malware was designed specifically to attack electric grid systems by using the same arcane technical protocols that individual systems rely on to communicate with one another.

Dragonfly, by contrast, uses a completely different set of tools, leading Chien to believe the two groups are completely separate. Both the earlier Dragonfly campaigns in 2013 and 2014 and the group's more recent attacks relied solely on backdoors and remote access trojans. From there, the attackers might use their access to operational networks to manually control the breakers in much the way Sandworm did in the 2015 attack. It's also possible Dragonfly might deploy an as-yet unseen piece of malware that automates malicious functions similarly to how Crash Override did.

After this Ars post went live, several security professionals with expertise in electric grids downplayed the likelihood of the operational network compromises being used to cause blackouts or take down parts of the grid. Robert Lee, the founder and CEO of Dragos Security, said the hackers would need more than the mere ability to control human machine interfaces that flip switches and open and close breakers. While he said an attack that mimicked the techniques that disrupted Ukrainian power in 2015 was possible, he said differences in the US grid would make those tactics much less effective. Lee's Twitter thread below is well worth reading all the way through:

Lots of buzz about Symantec's Dragonfly 2.0 so I'd like to add some first impression thoughts in this thread. (1/X)

Manual attacks are more difficult in the U.S. than in Ukraine based on sheer size. In order to cause an effect, something or someone would need to 'flip the switch', deploy a 'crash' devices, etc., but we don't believe there are any technical hurdles in doing so. Crashoverride, which we saw used in the Ukraine, set the precedence of that. In this case, the actors have the needed access. The day we discover another 'crashoverride v2', it will be too late. That means it was already deployed. We don't expect to see a blackout tomorrow. That will likely require some political event. But it is technically possible.

Asked specifically what was different in the latest attacks, Chien told Ars: "We have seen them perform purposeful activity on operational systems in this case. In the first case, we saw them have what we described as a 'beachhead'. Now, we have seen them penetrate into operational systems and perform activity on those systems. Related, the scale of attempted and successful compromises for the US including the types of organizations affected is much more concerning."

Another Dragonfly infection technique relied on so-called watering hole attacks, in which attackers infected websites known to be frequented by energy company personnel. Dragonfly members would then infect targets when they visited the booby-trapped sites. Yet another tactic was the use of fake Adobe Flash updates that installed backdoors.

Little is known for sure about the people who make up Dragonfly. Text strings embedded into some of their code contains both Russian and French words, an indicator that one or both of those may be false flags intended to deceive investigators. Timestamps found in the malware used in the earlier Dragonfly campaigns suggested the group mostly worked Monday through Friday between what would be the hours of 9 am to 6 pm in Eastern Europe. Timestamps in the malware used in the latest campaign suggested roughly the same hours and region, but the data is far too limited to draw any conclusions. The use of publicly available malware and administrative tools such as PowerShell, PsExec, and Bitsadmin also make attribution difficult.

"What is clear is that Dragonfly is a highly experienced threat actor, capable of compromising numerous organizations, stealing information, and gaining access to key systems," Symantec researchers wrote in Wednesday's report. "What it plans to do with all this intelligence has yet to become clear, but its capabilities do extend to materially disrupting targeted organizations should it choose to do so."

This post was updated to add security experts' reaction to Symantec's findings.

Promoted Comments

Ask people in the industry if there is such thing as a true air-gaped system in the ICS/SCADA world and they will probably tell you no. Perhaps in the 80's and 90's this held true, but not with the complexity of today's systems and architectures.

Fact is in this day and age, control systems are rarely completely isolated. Most will connect to the enterprise network internally in some capacity.

The rules for what qualifies as isolated are clearly defined in NERC cyber standards. These are considered the acceptable minimal standards/practices. There can be, in certain places, instances of pi servers being fed data through data diodes to provide info to corporate networks.

Air Gap doesn't eliminate risk of people, portable media, etc. Programs are in place for those, and violations much more likely in that arena, so segmentation is also important.

I'm sorry, but why is the power grid control network directly connected to the Internet in the first place???

It isn't. There are very clear standards for grid reliability and cyber security, which include isolation from the internet. At least that is the case in the US. But articles like this tend to lead one to erroneously believe they are connected.

I don't understand why you say this post tends to lead people to this erroneous conclusion. It specifically links to the NERC requirements for electronic security perimeters.

86 Reader Comments

Even after resetting all the affected passwords, what will keep these attacks from happening again? I wonder what the next form of access security will be - the password now seems to be the weakest link in the system.

Beyond that, it seems that distributed generation offered by some renewables (e.g. solar in particular) might also offer some security benefits as well - being harder to hit multiple targets than a single utility.

Even after resetting all the affected passwords, what will keep these attacks from happening again? I wonder what the next form of access security will be - the password now seems to be the weakest link in the system.

Beyond that, it seems that distributed generation offered by some renewables (e.g. solar in particular) might also offer some security benefits as well - being harder to hit multiple targets than a single utility.

no matter the security there will always be one weak link the one betwixt the keyboard and chair.

Even after resetting all the affected passwords, what will keep these attacks from happening again? I wonder what the next form of access security will be - the password now seems to be the weakest link in the system.

Beyond that, it seems that distributed generation offered by some renewables (e.g. solar in particular) might also offer some security benefits as well - being harder to hit multiple targets than a single utility.

no matter the security there will always be one weak link the one betwixt the keyboard and chair.

True, but I was thinking a biometric-backed password (along the lines of chip-and-PIN) might be a bit more secure. Perfect? No. But likely harder to crack than with simple phishing.

I'm sorry, but why is the power grid control network directly connected to the Internet in the first place???

Money. Moving specialists around to check on infrastructure is expensive. Being able to log in remotely is cheap. And if it all goes horribly wrong, the government will have to get involved to prevent a disaster, so there's no downside... at least for the CEO.

At what point are companies and the countries that regulate them going to figure out that some forms of critical infrastructure need to have proper security.

I'm sure after Iran's centrifuges were disrupted by cyber attacks other countries woke up to the surveillance/pre-emptive strike capabilities.

Imagine US goes to war with NK and suddenly the entire US domestic grid goes down. I wonder how much of the internet and hence logistics control would go with it? The cost alone could be punitive. Better still it could be another actor pulling the plug and blaming NK.

Even after resetting all the affected passwords, what will keep these attacks from happening again? I wonder what the next form of access security will be - the password now seems to be the weakest link in the system.

Beyond that, it seems that distributed generation offered by some renewables (e.g. solar in particular) might also offer some security benefits as well - being harder to hit multiple targets than a single utility.

no matter the security there will always be one weak link the one betwixt the keyboard and chair.

True, but I was thinking a biometric-backed password (along the lines of chip-and-PIN) might be a bit more secure. Perfect? No. But likely harder to crack than with simple phishing.

actually that'd be less secure you can't change biometric and systems like can sometimes be fooled especially if linked to a windows pc, one driver swap and poof! no more security.

however if you're thinking along the lines of chip and pin than a cryptographic smart rfid card would work as well and be even more secure if its not mentioned and their only told they need to swipe their badges then type their password to log-in.

Even after resetting all the affected passwords, what will keep these attacks from happening again? I wonder what the next form of access security will be - the password now seems to be the weakest link in the system.

Beyond that, it seems that distributed generation offered by some renewables (e.g. solar in particular) might also offer some security benefits as well - being harder to hit multiple targets than a single utility.

no matter the security there will always be one weak link the one betwixt the keyboard and chair.

True, but I was thinking a biometric-backed password (along the lines of chip-and-PIN) might be a bit more secure. Perfect? No. But likely harder to crack than with simple phishing.

actually that'd be less secure you can't change biometric and systems like can sometimes be fooled especially if linked to a windows pc, one driver swap and poof! no more security.

however if you're thinking along the lines of chip and pin than a cryptographic smart rfid card would work as well and be even more secure if its not mentioned and their only told they need to swipe their badges then type their password to log-in.

No, I didn't mean a biometric-only password, but a combination. Namely something like a thumb print or iris scan AND password. Theory being, there's no card that can be stolen or lost.

Even after resetting all the affected passwords, what will keep these attacks from happening again? I wonder what the next form of access security will be - the password now seems to be the weakest link in the system.

Beyond that, it seems that distributed generation offered by some renewables (e.g. solar in particular) might also offer some security benefits as well - being harder to hit multiple targets than a single utility.

no matter the security there will always be one weak link the one betwixt the keyboard and chair.

True, but I was thinking a biometric-backed password (along the lines of chip-and-PIN) might be a bit more secure. Perfect? No. But likely harder to crack than with simple phishing.

actually that'd be less secure you can't change biometric and systems like can sometimes be fooled especially if linked to a windows pc, one driver swap and poof! no more security.

however if you're thinking along the lines of chip and pin than a cryptographic smart rfid card would work as well and be even more secure if its not mentioned and their only told they need to swipe their badges then type their password to log-in.

No, I didn't mean a biometric-only password, but a combination. Namely something like a thumb print or iris scan AND password. Theory being, there's no card that can be stolen or lost.

true but as pointed out if it gets compromised you can't change the biometric part and as you pointed out passwords are weak on their own

I'm sorry, but why is the power grid control network directly connected to the Internet in the first place???

It's the cheapest way to do it.

We're not in the world of secure, robust, restricted-access government controlled utilities anymore. We live in the new, efficient, cut-cost world of private enterprise and for-profit essential utilities. It's why consumer costs are the highest they've ever been, it's highly efficient.

If you weren't going to be held responsible for not securing your control systems, would you? Would you even care?

true but as pointed out if it gets compromised you can't change the biometric part and as you pointed out passwords are weak on their own

Biometry is a good identifier. You could use some sort of 2FI (2-factor-identifier) to make things harder for attackers. Along with good MFA (multi-factor-authentication) it would make the system less susceptible to intrusions. And by MFA I mean more than 2 factors even if one of them are passwords.

But still, as pointed out, these critical infra-structure shouldn't be controllable from the internet. At worst use your own network. You simply don't expose systems that can be turned into bombs (metaphorical or not) to the outside.

Even after resetting all the affected passwords, what will keep these attacks from happening again? I wonder what the next form of access security will be - the password now seems to be the weakest link in the system.

Beyond that, it seems that distributed generation offered by some renewables (e.g. solar in particular) might also offer some security benefits as well - being harder to hit multiple targets than a single utility.

no matter the security there will always be one weak link the one betwixt the keyboard and chair.

True, but I was thinking a biometric-backed password (along the lines of chip-and-PIN) might be a bit more secure. Perfect? No. But likely harder to crack than with simple phishing.

actually that'd be less secure you can't change biometric and systems like can sometimes be fooled especially if linked to a windows pc, one driver swap and poof! no more security.

however if you're thinking along the lines of chip and pin than a cryptographic smart rfid card would work as well and be even more secure if its not mentioned and their only told they need to swipe their badges then type their password to log-in.

I think another poster has already pointed out MFA/MFI. Something you have on you/in you and something you know. Or multiples of.

I downvoted you for the run-on sentence, and bad grammar. That hurt my head to process.

Even after resetting all the affected passwords, what will keep these attacks from happening again? I wonder what the next form of access security will be - the password now seems to be the weakest link in the system.

Beyond that, it seems that distributed generation offered by some renewables (e.g. solar in particular) might also offer some security benefits as well - being harder to hit multiple targets than a single utility.

no matter the security there will always be one weak link the one betwixt the keyboard and chair.

True, but I was thinking a biometric-backed password (along the lines of chip-and-PIN) might be a bit more secure. Perfect? No. But likely harder to crack than with simple phishing.

actually that'd be less secure you can't change biometric and systems like can sometimes be fooled especially if linked to a windows pc, one driver swap and poof! no more security.

however if you're thinking along the lines of chip and pin than a cryptographic smart rfid card would work as well and be even more secure if its not mentioned and their only told they need to swipe their badges then type their password to log-in.

No, I didn't mean a biometric-only password, but a combination. Namely something like a thumb print or iris scan AND password. Theory being, there's no card that can be stolen or lost.

true but as pointed out if it gets compromised you can't change the biometric part and as you pointed out passwords are weak on their own

Don't forget that using iris or thumbprint scans would give an attacker a reason to remove your eye or thumb.

true but as pointed out if it gets compromised you can't change the biometric part and as you pointed out passwords are weak on their own

Biometry is a good identifier. You could use some sort of 2FI (2-factor-identifier) to make things harder for attackers. Along with good MFA (multi-factor-authentication) it would make the system less susceptible to intrusions. And by MFA I mean more than 2 factors even if one of them are passwords.

But still, as pointed out, these critical infra-structure shouldn't be controllable from the internet. At worst use your own network. You simply don't expose systems that can be turned into bombs (metaphorical or not) to the outside.

edit: grammar fail

biometry is a great identifier but not a good candidate for secure access control

I'm sorry, but why is the power grid control network directly connected to the Internet in the first place???

I would go even further and ask why is general-purpose OS used to control such critical infrastructure? Industrial infrastructure should be run on entirely custom, very minimal OS that is tailored for the purpose, hardened and pen-tested thoroughly. It is absurd that same vulnerabilities that exist on my mother's computer used for browsing Facebook also affect most critical industrial infra...

Even after resetting all the affected passwords, what will keep these attacks from happening again? I wonder what the next form of access security will be - the password now seems to be the weakest link in the system.

Beyond that, it seems that distributed generation offered by some renewables (e.g. solar in particular) might also offer some security benefits as well - being harder to hit multiple targets than a single utility.

no matter the security there will always be one weak link the one betwixt the keyboard and chair.

True, but I was thinking a biometric-backed password (along the lines of chip-and-PIN) might be a bit more secure. Perfect? No. But likely harder to crack than with simple phishing.

actually that'd be less secure you can't change biometric and systems like can sometimes be fooled especially if linked to a windows pc, one driver swap and poof! no more security.

however if you're thinking along the lines of chip and pin than a cryptographic smart rfid card would work as well and be even more secure if its not mentioned and their only told they need to swipe their badges then type their password to log-in.

I think another poster has already pointed out MFA/MFI. Something you have on you/in you and something you know. Or multiples of.

I downvoted you for the run-on sentence, and bad grammar. That hurt my head to process.

yeah they did a good argument for things like smart cards of 2FA number generator things.or the like.

also i could do tons worse on grammar id reccomend exposure therapy for curing that headache ailment there

I used to work in the legal department for one of the NERC (North American Electric Reliability Corporation) Regional Entities in responsible for auditing utilities on their physical reliability and cybersecurity preparedness. I'm not an IT expert, but I saw some truly appalling things while I was there. The actual auditors were highly qualified but the managers were idiots. This was the worst audit I saw while I was there and they only got a $1.7 million fine in the end, which is chump change to a billion dollar utility. https://www.lexology.com/library/detail ... 8435873f27

If you can't read that summary of finding linked in the article through the NERC alphabet soup it basically says that people weren't trained, control room doors were propped open and the operators shared passwords, and they didn't understand their own network topography enough to figure out which components should be protected and isolated.

This company was particularly bad, but they all have problems. Some of the hardware with embedded OS (switches, relays, generator controls) were based on Windows XP, at least as of 2 years ago. There's just no financial incentive to fix this stuff. State PUCs don't count investment in IT infrastructure the same way they do building a power plant and the fines aren't enough to scare them.

It's just a shame that good network security for backbone infrastructure is nowhere near as sexy as airport security theatre, giant walls and heavily armed police. It'll take until something goes massively wrong before any politician wakes the fuck up.

Even after resetting all the affected passwords, what will keep these attacks from happening again? I wonder what the next form of access security will be - the password now seems to be the weakest link in the system.

Beyond that, it seems that distributed generation offered by some renewables (e.g. solar in particular) might also offer some security benefits as well - being harder to hit multiple targets than a single utility.

Bioidentification in the form of fingerprint or face recognition is the answer. The person must appear in front of the camera or finger sensor to be allowed to the system. Impossible to break in remotely if the OS has no hidden backdoor or bug. The downside is that the employee cannot log in remotely either.

Even after resetting all the affected passwords, what will keep these attacks from happening again? I wonder what the next form of access security will be - the password now seems to be the weakest link in the system.

Beyond that, it seems that distributed generation offered by some renewables (e.g. solar in particular) might also offer some security benefits as well - being harder to hit multiple targets than a single utility.

no matter the security there will always be one weak link the one betwixt the keyboard and chair.

True, but I was thinking a biometric-backed password (along the lines of chip-and-PIN) might be a bit more secure. Perfect? No. But likely harder to crack than with simple phishing.

Please don't think. Let the professionals handle it.

Google guidance has shifted towards keys on a stick like Yubikey. Because the key is isolated and not user known there is not much attack surface. The code involved is also small enough to eventually be bug and security defect free.

I'm sorry, but why is the power grid control network directly connected to the Internet in the first place???

Money. Moving specialists around to check on infrastructure is expensive. Being able to log in remotely is cheap. And if it all goes horribly wrong, the government will have to get involved to prevent a disaster, so there's no downside... at least for the CEO.

John Swanson

Why cant it all be put onto a permanent VPN with 2 factor authentication?

I'm sorry, but why is the power grid control network directly connected to the Internet in the first place???

Money. Moving specialists around to check on infrastructure is expensive. Being able to log in remotely is cheap. And if it all goes horribly wrong, the government will have to get involved to prevent a disaster, so there's no downside... at least for the CEO.

John Swanson

Why cant it all be put onto a permanent VPN with 2 factor authentication?

VPN is still internet-connected. VPN protocols can be compromised, credentials leaked, and the computer of the operator that is using said VPN can be hijacked. Thus, using VPN does not really change that much. 2FA is also not a silver bullet.

A couple of months ago I read the book Blackout, which developed such a scenario culminating in weeks of electricity loss. It's frightening that such a scenario has become so likely to take place so soon after.

I'm sorry, but why is the power grid control network directly connected to the Internet in the first place???

It's the cheapest way to do it.

We're not in the world of secure, robust, restricted-access government controlled utilities anymore. We live in the new, efficient, cut-cost world of private enterprise and for-profit essential utilities. It's why consumer costs are the highest they've ever been, it's highly efficient.

If you weren't going to be held responsible for not securing your control systems, would you? Would you even care?

My only regret is that I can only upvote you once.

The government could require them to harden their systems, but they won't. We're already seeing the current administration looking to roll back dodd-frank regulations on the too big to fail wall street banks.

Industry deregulation is a sham because there is no moral capital in corporate America. Ask the Enron boys.

I'm sorry, but why is the power grid control network directly connected to the Internet in the first place???

Because nobody wanted to pay for dedicated infrastructure. And you want outside connections for some software that run a power plant. One example is software that predicts heating demand and plan how the utility should run a grid/district heating system (my experience is from district heating grids) to minimize cost. Software like this want current data, historical data, weather reports and status of availible plants to optimize for lowest possible cost. You could use a human to gap the two systems, but that is not happening because costs. Nobody will pay a dude to read a screen and punch the numbers into another computer

You would be pleased to know that a local utility in my country is/was planning to test new cost-saving equipment to run a plant like this. New ones are so automated they practically run themself, so the operator want to have noone there during the nights (when personal cost double to tripple) and instead have a guy sleeping at home being in charge. He will have a tablet that wake him up if something is wrong, and the tablet can be used to monitor the entire plant/control parts of it.

So, basically, we are moving towards apps conneted to infrastructure. Sure, it is not as critical as the grid, but still. I got no info on what tablet, and how the project is going today, it might have been scrapped.

I am in no way surpriced by the article. My experience of control rooms are that they usually have older operators with very limited IT experience. The resistance to change is high, and stuff that will result in "more work" is unpopular. If there are password, they are short, easily guessable and written on a post-it underneath the monitor. Equipment run old operating systems because the control software is not availible on newer OS. When I asked about it last time I got the answer "naa, nobody will do it, why would they?".

No, I didn't mean a biometric-only password, but a combination. Namely something like a thumb print or iris scan AND password. Theory being, there's no card that can be stolen or lost.

true but as pointed out if it gets compromised you can't change the biometric part...

I wish people would stop repeating this nonsense. You don't "change your biometrics because someone found them out". Do you change your name when someone "finds it out"? Do you change your height when someone sees how tall you are?

You don't authenticate with those things because they are trivial to find out and then trivial to spoof. Not because you can't change them. A biometric that doesn't change would be ideal otherwise.

Relax everyone. No one is going to take over control of our grid just to knock out power to homes for a few hours or days.

No, they're going to wait until they have enough control that their commands will actually destroy infrastructure. Then it's not "When will they turn the power back on?" it becomes "When will the new parts arrive from the foreign factory to replace the hundreds of thousands of transformers, generators, and plants which were severely damaged?"

Even after resetting all the affected passwords, what will keep these attacks from happening again? I wonder what the next form of access security will be - the password now seems to be the weakest link in the system.

Beyond that, it seems that distributed generation offered by some renewables (e.g. solar in particular) might also offer some security benefits as well - being harder to hit multiple targets than a single utility.

no matter the security there will always be one weak link the one betwixt the keyboard and chair.

True, but I was thinking a biometric-backed password (along the lines of chip-and-PIN) might be a bit more secure. Perfect? No. But likely harder to crack than with simple phishing.

actually that'd be less secure you can't change biometric and systems like can sometimes be fooled especially if linked to a windows pc, one driver swap and poof! no more security.

however if you're thinking along the lines of chip and pin than a cryptographic smart rfid card would work as well and be even more secure if its not mentioned and their only told they need to swipe their badges then type their password to log-in.

You have the user swipe and also provide userid/password like they always have. What they don't realize (and you don't tell them) is that the system ignores the password and authenticates with the swipe, verifying with userid. This way the enemy can phish all the passwords they like and it will do them no good at all since the password is just a red herring.

I'm sorry, but why is the power grid control network directly connected to the Internet in the first place???

It isn't. There are very clear standards for grid reliability and cyber security, which include isolation from the internet. At least that is the case in the US. But articles like this tend to lead one to erroneously believe they are connected.